srs105 · New Member · 2 Messages · Monday, January 23rd, 2023 6:35 AM

Why do I need to do IP passthrough if I want to shuttle all LAN devices' traffic to an internal VPN appliance?

I have a theoretical use case I was maybe going to play with, but I am not sure why I would need to set this up using passthrough.

If I have the AT&T-provided BGW router providing Wi-Fi and routing/DHCP/DNS etc. for all my LAN-connected devices, would I be able to just plug a VPN appliance into a LAN port of the BGW WITHOUT using IP passthrough? Basically, I don't understand why I need the VPN to have a WAN IP address.

The theoretical use case is that the BGW does all the routing and provides Wi-Fi etc., but the default gateway for all my LAN devices (except for the VPN appliance) is actually the VPN appliance and not the BGW. The VPN appliance receives all traffic from every other internal LAN device, and is running a VPN client that goes out of the router on a secure tunnel to a VPN provider. The point of the use case is that instead of running a VPN client on each individual LAN device, I have a "man in the middle" that receives the traffic like a VPN proxy and then forwards the traffic out of the WAN port of the BGW.

I see people buying entire Netgear Nighthawks and replacing the BGW's non-modem functionality completely, but I was wondering if it is possible to have it set up in the way I described. My networking skills are a bit lackluster, so perhaps this setup is impossible, which again is having a VPN appliance in some type of promiscuous mode that doesn't actually "route" the traffic but just tunnels the traffic out over a secure tunnel at the last hop before it goes out of the WAN interface of the fiber BGW. Maybe, if I take a wild guess, this won't work because the VPN appliance itself, without taking over routing and DHCP, won't understand how to route traffic back to the source LAN devices.

I am just attempting to understand if you can still allow the BGW to perform Wi-Fi, routing, DHCP etc., and keep everything in the same internal subnet, while having a VPN appliance do something like this.

When I read the passthrough docs it seems like the second WAN device gets put on a new subnet that wouldn't talk to the original subnet of devices connected directly over Wi-Fi to the BGW 320, so it seems like an all-or-nothing approach. Not sure about static routes and whatnot.

I understand it might not be practical to have all LAN devices going through a "gateway VPN", but I was still wondering if it could work like this, versus running a VPN client on every host machine. For my own knowledge I would like to know technically why this wouldn't work.

Community Support · 231.5K Messages · 1 year ago

Hello srs105, we will be happy to offer some information on your IP Passthrough inquiry.

To begin, what is the VPN device you are trying to set up? We are asking because we need to know where the inbound traffic is being routed to. One of two things can be done: either IP passthrough, in case it is a router, or port forwarding. You can't do both in the AT&T router, so if you need to do both, then it would be IP passthrough in the AT&T router and port forwarding in the 3rd-party device. In addition, you can configure IP passthrough and DMZplus with detailed steps in this article.

Please let us know if you have any other questions.

Lani, AT&T Community Specialist

srs105 · New Member · 2 Messages · 1 year ago

OpenVPN config running on a custom box, going out to NordVPN servers. This is not for routing incoming traffic from the internet to a device on the LAN; rather, all outgoing traffic from internal LAN devices will flow to the internal VPN device on the LAN, and go out of the public IP of the BGW320. I was curious if the VPN can just act as a VPN tunnel for all traffic leaving the network from every device by having the default gateway be the VPN LAN device, and then, since the VPN LAN device is connected to port 1 of the BGW, the traffic would be routed by the BGW. I guess traffic still needs to be routed by the VPN for this to work, and I can't have two routers, so maybe I answered my own question.

All source traffic would initiate from, for example, a desktop and a smart TV on Wi-Fi, with a default gateway of the VPN device; then the traffic for both devices would be routed to the BGW because I would have the default gateway of the VPN be the BGW. But I assume return traffic would not be correctly routed back to all my internal devices if only the BGW was still doing routing, because it would only see the traffic coming from the LAN VPN, and if the LAN VPN isn't also doing routing it probably won't pass it back.

Edit: I think I am good here. Apparently I can run a VPN internally with a VPN ROUTER, while only allowing DHCP on the main BGW. There are other options like cascading I didn't really look into. I am fine for now, thanks.

(edited)
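The "VPN router" the poster settled on has to do two things the BGW will not do for it: forward the LAN devices' packets, and NAT them onto the tunnel so the VPN provider sees only the tunnel address and replies can be mapped back to the right LAN device. The script below is an added example, not code from the poster or from AT&T; it assumes a Linux host with the LAN on eth0 as 192.168.1.0/24, an OpenVPN client that creates tun0, and LAN clients configured to use this host as their default gateway.

```shell
#!/bin/sh
# Added example (not from the thread or AT&T): make a Linux host the LAN-side
# "gateway VPN" the poster describes. Constructed assumptions: LAN 192.168.1.0/24
# on eth0, the OpenVPN client creates tun0, the BGW keeps Wi-Fi/DHCP, and LAN
# clients are pointed at this host as their default gateway.
LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IF="${LAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"

# Emit the rules as text so they can be reviewed before being applied.
# MASQUERADE rewrites the LAN source address to the tun0 address; conntrack
# reverses that for replies, which is why return traffic finds its way back
# without the BGW knowing anything about the individual LAN devices. The BGW
# only ever sees this host's encrypted session to the VPN server.
gateway_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $LAN_NET -o $VPN_IF -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $VPN_IF -j ACCEPT
iptables -A FORWARD -i $VPN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Apply the rules (needs root). The FORWARD DROP policy with an accept only
# towards $VPN_IF is the kill switch: if the tunnel is down, LAN traffic is
# dropped rather than forwarded out $LAN_IF to the BGW in the clear.
apply_rules() {
    ip link show "$VPN_IF" >/dev/null 2>&1 || { echo "$VPN_IF is down" >&2; return 1; }
    gateway_rules | sh -e
}

case "${1:-show}" in
    apply) apply_rules ;;
    *) gateway_rules ;;
esac
```

Run it with no arguments to print the rule set, or `sh gateway-vpn.sh apply` as root once OpenVPN has brought tun0 up.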

Community Support · 231.5K Messages · 1 year ago

Thanks for reaching back out to us, srs105.

It is possible to configure your router the way you're describing, but it's just not recommended. If you do it the way you're describing, then you'll have double NAT, which will cause intermittent internet service. That is why it was recommended to have your router in IP Passthrough mode. This will not allow you to experience double NAT.

Please let us know if you have any further questions.

Robert, AT&T Community Specialist
